Charles Lim - Honeynet Indonesia Chapter

Honeynet – Indonesia Chapter

Honeynet Seminar & Workshop, Jakarta, 18 June 2013

Agenda

• Introduction to Honeynet
• Introduction to Honeynet - Indonesia Chapter
• What’s Up?
• What’s Next?
• About the Workshop
• Conclusion

THANK YOU – SOLD OUT

THANK YOU

• To the Ministry of Communication and Informatics, especially Directorate Information Security

• To the Swiss German University team, for their support in organizing this event and making it possible

• To all the speakers and sponsors

• To all attendees who come to these events

Introduction to The Honeynet Project

• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)

• Mission: “learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned” - http://www.honeynet.org

• Goal: Improve security of Internet at no cost to the public

• Awareness: Raise awareness of the threats that exist

• Information: For those already aware, teach and inform about latest threats

• Research: Give organizations the capabilities to learn more on their own

• Global membership of volunteers with diverse skills and experiences

• Deploys networks of computer systems around the world with the explicit intention of being hacked

• Share all of our tools, research and findings, at no cost to the public

• Members release regular activity status reports

• “Know Your Enemy” (KYE) white papers regularly published on current research topics

• Committed to open source and creative commons

• Partially funded by sponsors, nothing to sell!

Brief Introduction to The Honeynet Project

46 Chapters and 28 countries

Honeynet Workshop 2013 @ The Address Dubai

Honeynet Workshop 2012 @ Facebook HQ

Indonesia Chapter

• 25 November 2011, about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)

• 19 January 2012 accepted as part of Honeynet Chapter

• Members: 70 (today)

Indonesia Chapter

• Indonesia Honeynet Project

• Id_honeynet

• http://www.honeynet.or.id

• http://groups.google.com/group/id-honeynet

Indonesia Honeynet Project Seminar & Workshop

Honeynet Workshop 5-6 June 2012, Jakarta

Honeynet Workshop 20 November 2012, Surabaya

How did we start?

• Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
  • 2 students focusing on Malware Threats
  • 2 students focusing on Cyber Terrorism

• 1 SGU student focused on capturing malware using Honeypots (Nepenthes)

• We also invited malware expert Pak Aat to share his experience

Road Map

[Figure: two road map slides naming contributors. First slide: Randy Anthony (SGU), Amien H Rosyandino (ID SIRTII), Michael (SGU), Stewart (SGU), Glenn (SGU), Mario (SGU). Second slide: Mario (SGU), Andrew (SGU), Tommy (SGU), Michael (SGU), Stewart (SGU), Glenn (SGU).]

SGU Honeypots

• SGU Honeypot Network Design

Live Demo

SGU Honeypot

Live Demo

National Malware Monitoring

• Central repository for malware captured by the sensors of all participating universities in Indonesia

Previous Works

• Nano PC with Atom processors
• Price Rp 3 million

Work in Progress

• Raspberry Pi
• ARM processor
• RAM 512 MB, 8 GB SD Card

• Push Protocol

What’s Next?

• Call for more participation from universities, industry and government

• Requirements:
  • A commitment from the top management
  • At least 1 public IP address to start
  • Willing to submit malware samples to central repository

• You will get:
  • 1 Nano PC to be installed in your infra

Our Previous Dashboard

Web Interface (2013)

Thanks to Jonathan & Tommy (SGU IT Batch 2011)

What’s Next?

• Improving Stats Reporting

• Sharing malware and stats

• Adding more honeypots such as honeytrap, Glastopf, Kippo, etc.

• All raspberry honeypots

• Data Cleansing and Clustering Data Mining

Last Year Workshop

• We had one track with a morning session and an afternoon session

• Morning Session – Dionaea & Malware Analysis

• Afternoon Session – Capture The Flag

This Year Workshop

Time | Track #1 | Track #2 | Track #3
08:15 – 08:30 | Registration & Seminar Preparation
08:30 – 09:00 | Opening Remarks (Ministry of Communication and Informatics, KOMINFO)
09:05 – 10:00 | Honeypot – Dionaea (Charles & Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada)
10:00 – 10:15 | Break
10:15 – 12:30 | Honeypot Back End (Mario) | Malware Analysis (Ricky) | Memory Forensic (Mada)
12:30 – 13:15 | Break, prayer and lunch (ISOMA)
13:15 – 14:45 | Honeypot – Glastopf, Kippo (Amien) | Botnet (Charles) | ACAD-CSIRT (Mantra & Greg)
14:45 – 15:00 | Break
15:00 – 16:30 | Developing Malware Lab (Digit) | Botnet (Charles) | Android Forensic (Feri)

Track #1

• Morning Session – Dionaea
  • Speakers: Charles Lim and Mario Marcello
  • How to set up and configure Dionaea
  • How to create stats report for the captured traffic

• Afternoon Session I
  • Speaker: Amien Harisen
  • How to set up and configure Kippo and Glastopf

• Afternoon Session II
  • Speaker: Digit Oktavianto
  • How to set up your own Malware Lab

Track #2

• Morning Session – Malware Analysis
  • Speaker: Ricky Prajoyo
  • How to perform Reverse Engineering
  • How to perform Analysis of executable malware samples

• Afternoon Session – Botnet
  • Speaker: Charles Lim
  • Understanding Botnets
  • Analyzing Botnet activities

Track #3

• Morning Session – Memory Forensics
  • Speaker: Mada R. Perdhana
  • How to perform Memory Forensics
  • Forensic Stuxnet Malware samples

• Afternoon Session I – Java Security
  • Speaker: Gregorius Hendy
  • Secure Coding using Java

• Afternoon Session II – Android Forensics
  • Speaker: Feri Lauw
  • How to Perform Android Forensics

Further Information

• The Honeynet Project (http://www.honeynet.org)

• Indonesia Honeynet Project (http://www.honeynet.or.id)

• Swiss German University (http://www.sgu.ac.id)

• My Blog (http://people.sgu.ac.id/charleslim)

Questions ???